US MILITARY SOCIAL SPYING ARCHIVE EXPOSED
Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages all scraped from around the world by the US military to identify and profile persons of interest.
The archives were found by UpGuard's veteran security-breach hunter Chris Vickery during a routine scan of open Amazon-hosted data silos, and the trio weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive.
CENTCOM is the common abbreviation for the US Central Command, which controls the army, navy, air force, marines and special ops in the Middle East, north Africa and central Asia. PACOM is the name for US Pacific Command, covering the rest of southern Asia, China and Australasia.
Vickery told The Register today he stumbled upon them by accident while running a scan for the word "COM" in publicly accessible S3 buckets. After refining his search, the CENTCOM archive popped up, and at first he thought it was related to Chinese multinational Tencent, but quickly realized it was a US military archive of astounding size.
"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate."
For more info ... please click the ( TheRegister.co.uk ) previous Hat/Tip link.